Standalone CA

Question

I already have a 2003 (Ent. OS) based CA which is my Root Enterprise CA.

I wanna do a POC of a security product on my production domain, for which I need to issue certificates on the template 'IP Sec (Offline Request)'. But this security product uses network enrollment, so the CA for it has to be 2008 (on Enterprise OS). Also, it's clearly mentioned that the CA for this security product has to be a ROOT CA (SUB won't work).

And I can't upgrade OS of my existing 2003 CA to 2008 due to some limitations.

I created a new standalone ROOT CA server (on fresh Enterprise OS-2008 R2).

With this CA, when I am trying to request a certificate, I don't get the option to request on the template "IP SEC (Offline request)".

Following AD Enrollment Policy, it says: "The requested certificate template is not supported by this CA. A valid certificate authority(CA) configured to issue certificates based on this template cannot be located, or the CA does not support this operation, or the CA is not trusted"

(After checking "Show all Templates")

Question:

I can do:

"New->Certificate Template to Issue" on my 2003 Enterprise Root CA.

Is there any way to get this option on my new Standalone 2008 Certificate Authority?

Or any other option? If not, shall I consider building a parallel new 2008 Enterprise CA? What harm can it do to my existing application running with this 2003 CA's certs?
